Something is wrong with my environment. I've deleted every extractor I have on all inputs, yet some of the previously defined extraction is still occurring as messages flow in. Newly created grok extractors don't work, nor do simple regex to extract a single term into a named field
Very odd.. On Thursday, May 28, 2015 at 8:37:15 AM UTC-6, Jesse Skrivseth wrote: > > Jochen, > > After the extractor is created, I expected the fields to be available on > the message itself. I look at all messages in the last 5 minutes, visually > find a message that follows this structure, click on it to show the field > list, but none of the supposedly extracted fields show in the field list on > the right panel. Testing that exact message in the extractor does properly > show the fields that should be extracted. > > If I do a plain regex extractor, that does work. But it seems even the > simplest grok - find the first matching number and name it "number" doesn't > work. > > Maybe I don't understand how grok expressions must be formed. -- You received this message because you are subscribed to the Google Groups "graylog2" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
